More than 90% of Europe businesses ‘unprepared for GDPR’

Businesses across Europe are unprepared for the EU’s General Data Protection Regulation (GDPR), which comes into force next May, with some 92% of business managers saying they’re not ready for it, according to just-published research carried out on behalf of RSM, the global accountancy firm and consultancy.

The research, based on a survey completed by some 400 business leaders, was carried out for RSM by the European Business Awards, a London-based, pro-best-practice organisation which is best known for its annual awards. These business leaders were asked about their companies’ preparedness for GDPR, and to say how they thought their need to comply with it was likely to impact their operations.

Among the most “worrying” findings, according to RSM, was that in addition to fewer than 8% of the European business leaders saying they were ready for GDPR – with less than eight months to go before it takes effect – some 28% of those said they were utterly unaware of the regulation.

And of those business leaders who said they were familiar with it, and their company’s strategy for dealing with it, more than one in four, or 26%, said their organisations would not be compliant by the 25 May, 2018 deadline.

Businesses that fail to comply could face fines equal to up to 4% of their global turnover or €20m, whichever is higher, RSM noted, in a summary of the report’s findings.

Cutbacks in other areas seen

Another key finding was that a number of business leaders reported that their companies have been cutting back on expenditure in certain areas, including their efforts to develop innovative new products (23%) or to expand internationally (22%), in order to focus on getting ready for GDPR.

RSM chief executive Jean Stephens said that although the company – which advises clients on their GDPR planning and compliance efforts – has seen an increase in clients asking about GDPR as the May 2018 deadline approached, “it is clear from this research that many businesses do not fully comprehend the hurdles they will have to overcome ahead of the fast-approaching deadline”.

“Business leaders need to understand that this is not a simple tick-box exercise,” she added.

“They will likely need to implement significant changes that could impact their organisation as a whole, and so the sooner they begin to prepare, the better.”

Other findings in the RSM report:

Of those business surveyed who said they were looking at the regulation, 51% believe it is too complicated for SMEs and middle market businesses;

Some 41% of those surveyed who said they were “involved in or aware of” their organisation’s strategy said they believe the requirements of the GDPR regulation will “significantly increase their business expenditure, including spending on consulting services”

The use of external expertise is increasingly prevalent, with 60% of the business leaders surveyed saying they were looking for external support in order to meet the May 2018 deadline

In spite of the regulation’s complexity and the cost and hassle of having to comply with it, 52% of those surveyed said they appreciated the regulation’s necessity, and that it was needed to monitor the use of personal data.